en-US
search-icon

Global VPN Client 4.10 Getting Started Guide

Using VPN Connections

Adding a VPN Connection

Adding a new VPN connection is easy because SonicWall’s Client Policy Provisioning automatically provides all the necessary configuration information to make a secure connection to the local or remote network. The burden of configuring the VPN connection parameters is removed.

This section describes how to use the New Connection wizard to create and save a VPN connection. The wizard downloads a VPN connection policy for the Global VPN Client automatically from a local or remote SonicWall VPN gateway over a secure IPsec VPN tunnel.

* 
NOTE: If a default.rcf file is included with the downloaded Global VPN Client software, the VPN policy configured by you is used to create a connection automatically when the client software is installed.
To add a VPN connection using the New Connection Wizard:
1
Choose Start > Programs > Global VPN Client. The first time you open the SonicWall Global VPN Client, the New Connection Wizard launches automatically.

2
If the New Connection Wizard does not display, to launch it, click the New Connection button.
3
Click Next. The New Connection page displays.

4
Enter the IP address or FQDN of the gateway in the IP Address or Domain Name field. The information you type in the IP Address or Domain Name field appears in the Connection Name field.
5
Optionally, if you want a different name for your connection, type the new name for your VPN connection in the Connection Name field.
6
Click Next. The Completing the New Connection Wizard page displays.

7
Optionally, select either or both:
Create a desktop shortcut for this connection if you want to create a shortcut icon on your desktop for this VPN connection.
Enable this connection when the program is launched if you want to automatically establish this VPN connection when you launch the SonicWall Global VPN Client.
8
Click Finish. The new VPN connection appears in the Global VPN Client window.

Making VPN Connections

Making a VPN connection from the Global VPN Client is easy because the configuration information is managed by the SonicWall VPN gateway. The SonicOS (VPN gateway) administrator sets the parameters for what is allowed and not allowed with the VPN connection. For example, for security reasons, the administrator may not allow multiple VPN connections or the ability to access the Internet or local network while the VPN connection is enabled.

The Global VPN Client supports two IPsec authentication modes:

IKE using Preshared Secret
IKE using 3rd Party Certificates.

Preshared Secret is the most common form of the IPsec authentication modes. If your VPN connection policy uses 3rd party certificates, you use the Certificate Manager to configure the Global VPN Client to use digital certificates.

A Pre-Shared Key (also called a Shared Secret) is a predefined password that the two endpoints of a VPN tunnel use to set up an IKE (Internet Key Exchange) Security Association. This field can be any combination of alphanumeric characters with a minimum length of 4 characters and a maximum of 128 characters. Your Pre-Shared Key is typically configured as part of your Global VPN Client provisioning. If it is not, you are prompted to enter it before you log on to the remote network.

Topics:  

Enabling a VPN Connection

This section describes how to establish a VPN connection created in the SonicWall Global VPN Client.

To establish a VPN connection using a VPN connection policy you created in the Global VPN Client:
* 
NOTE: If you selected Enable this connection when the program is launched in the New Connection Wizard, the VPN connection is automatically enabled when you launch the SonicWall Global VPN Client.
1
Launch the SonicWall Global VPN Client from the Windows Start button or from your shortcut. The Global VPN Client window displays.

2
If your VPN connection is not automatically established when you launch the Global VPN Client, choose one of the following methods to enable a VPN connection:
Double-click the VPN connection.
Right-click the VPN connection icon and select Enable from the menu.
Select the VPN connection and press Ctrl+B.
Select the VPN connection, and click the Enable button on the toolbar.
Select the VPN connection, and then choose File > Enable.
If the Global VPN Client icon is displayed in the system tray, right-click the icon and then select Enable > connection name. The Global VPN Client enables the VPN connection without opening the Global VPN Client window.
3
In the Enter Username / Password dialog box, type your username and password. Click OK to continue with establishing your VPN connection.

4
Depending on the attributes for the GroupVPN policy on the SonicWall security appliance, the Enter Pre-Shared Key or Select Certificate dialog may be displayed. See Entering a Pre-Shared Key or Selecting a Certificate for more information.
5
Click OK.
* 
TIP: If the VPN connection policy allows only traffic to the gateway, the Connection Warning message appears, warning you that only network traffic destined for the remote network at the other end of the VPN tunnel is allowed. See Connection Warning for more information.

Entering a Pre-Shared Key

Depending on the attributes for the VPN connection, if no default Pre-Shared Key is used, you must have a Pre-Shared Key provided by the gateway administrator to make your VPN connection. If the default Pre-Shared Key is not included as part of the connection policy download or file, the Pre-Shared Key dialog appears, prompting you for the Pre-Shared key before establishing the VPN connection.

To enter a Pre-Shared Key:
1
Type your Pre-Shared Key in the Pre-shared Key field. The Pre-Shared Key is masked for security.
2
Optionally, to make sure you are entering the correct Pre-Shared Key, select Don’t hide the pre-shared key. The Pre-Shared Key you enter appears unmasked in the Pre-shared Key field.
* 
NOTE: If you select this option, be sure to clear it when you have verified the Pre-Shared Key.
3
Click OK.

Selecting a Certificate

If the SonicWall VPN Gateway requires a Digital Certificate to establish your identity for the VPN connection, the Select Certificate dialog appears. This dialog lists all the available certificates installed on your Global VPN Client.

To select a certificate:
1
Select the certificate from the drop-down menu.

2
If you have a certificate that has not been imported into the Global VPN Client using Certificate Manager, click Import Certificate and import the certificate you need.
3
Click OK.
* 
NOTE: See the SonicWall Global VPN Client Getting Started Guide for more information on using the Certificate Manager.

Connection Warning

If the VPN connection policy allows only traffic to the gateway, the Connection Warning message appears, warning you that only network traffic destined for the remote network at the other end of the VPN tunnel is allowed. Any network traffic destined for local network interfaces and the Internet is blocked.

You can disable the Connection Warning message from displaying every time you enable the VPN connection by selecting If yes, don’t show this dialog box again.

Click Yes to continue with establishing your VPN connection.

Disabling a VPN Connection

Disabling a VPN connection terminates the VPN tunnel. You can disable a VPN connection using these methods:

Right-click the VPN connection in the Global VPN Client window, and select Disable.
Right-click the Global VPN Client icon on the system tray, and choose Disable > connection.
Select the connection, then press Ctrl+B.
Select the connection, and click the Disable button on the toolbar in the Global VPN Client window.